[Owasp-board] Public Statements, Personal Thoughts, The Voice of OWASP

Jim Manico jim.manico at owasp.org
Wed Feb 5 19:30:34 UTC 2014

+1 Michael. If you see anything from me or others that is of concern, 
please say so. I suggest that anyone who is going to speak on behalf of 
OWASP go through press training with members of staff. We also have to 
balance this with the "open" nature of our bylaws and mission. We really 
are a unique organization.

I think - especially for board members - to clarify when speaking in 
public. Something like:  "OWASP does not endorse any commercial entity, 
including myself or my company. These opinions are my own and not 
official OWASP policy."

Michael, I don't mean to point the finger at you, but I'm about to do 
just that. Check out 
where you give commercial analysis on security startups. In this 
broadcast, the OWASP logo is used, very contentious OWASP political 
issues are being discussed, and the mix of commercialism and official 
OWASP representation seems muddled. This is exactly the kind of thing we 
want to avoid.

Perhaps we could separate commercial analysis from "official" updates on 
OWASP? Or at least provide some kind of disclaimer?

Hey we are all human here. If you ever interpret any of my actions as 
stepping over the line, please call me on it and I'll try to do better.


> Board,
> I'd like to bring up a topic for thought. As board members we 
> individually have very little power. Hence the entire process of a 
> vote for decisions and the rule of majority.
> In addition, we also each wear a variety of hats - our professional 
> "day job", our "owasp hat", our own ideas separate from each, etc.
> I mention these items for the following scenarios:
> 1. We need to be careful about acting as individuals and issuing 
> statements on behalf of OWASP. I believe an official channel for OWASP 
> statements is much more clear for the community and the world rather 
> than individual statements by board members on blogs, twitter, 
> interviews, etc.
> 2. Currently our owasp blog serves a variety of purposes. Whether or 
> not we intend, any post made here will also be interpreted as an 
> official statement by OWASP. Food for thought - there are multiple 
> people that can post to this blog. If we hastily issue a post here it 
> could be picked up as an official statement by OWASP before we have a 
> chance to fully flush out the wording or message.
> 3. Our mailing lists are all publicly archived. This is great and by 
> design. Keep in mind that your statements will be referenced within 
> stories, future discussions, etc. We should do our best to keep on 
> topic within subject threads, change subject lines when conversation 
> drifts, and be cognizant that emails sent in haste will live on forever.
> I'm interested in others' thoughts on this. Building clear official 
> channels for OWASP statements will make our messages more powerful and 
> easier for others to spread.
> --
> Michael Coates
> @_mwc
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
